09-11-2007 11:03 AM
Using ACE to offload SSL, where the ACE talks to the client over SSL and then talks to a couple of SAP WebDispatchers (WD) on HTTP.
All setup and working except for a niggling issue. Basically the WD see the request from ACE on HTTP and build some dynamic links hardcoded within content as "http://excample.com/..." not "https://example.com/..".
Our SAP development say this is a common issue and can be solved by getting the ACE to ammend the host header to include "ClientProtocol" setting defined as HTTPS.
Has anyone seen this before and know the syntax?
09-12-2007 10:07 AM
I'm trying to config the same thing. Are you willing to share your configs?
09-13-2007 12:23 AM
You guys are trying to run an Enterprise Portal? I am running EP6 over the ACE's and the SAP-Netweaver Admins have to adjust several parameters within the Application and NOT the ACE.
To make sure ssl termination works flawlessly they had to set a proxy value/parameter on the J2EE Engine with the according ports.
If you need further info or config examples i can help you out once i am back in the office i can also ask the SAP guys at my place for the settings you need.
Roble
09-13-2007 02:00 AM
Hi Roble,
Any info/config that you have would be very useful. The sap guys say the can get the ClientProtocol setting work via Apache as a reverse proxy, without the need to change the SAP end, but I think they are looking to push the burden!
If you can let me know the changes to the proxy value/param for J2EE that would be great.
Rich
09-14-2007 12:54 AM
Got the Settings for the URL Rewrite within the Netweaver Portal.
Set in the HTTP-Servers section of the dispatcher the parameter "ProxyMappings" to following.
50200=(Host:foo.bar.com,Port:443,Scheme:https,Override:true)
As the servers increment their dialog port per server instance you probably need this entry for every server in your farm e.g. 50200,50300 etc.
And we don't use an apache as proxy here just ACE and then Portal-Servers.
If you need some ACE specific settings let me know.
Hope it helps.
Roble
09-14-2007 03:13 AM
I would sure appreciate the ACE config.
Thanks!
09-14-2007 03:52 AM
09-14-2007 05:39 AM
Are you using the sing sign on feature that uses your windows credentials to log you on to SAP?
09-14-2007 06:07 AM
Yes the portal uses the SPNEGO/Kerberos Add-on for single sign on.
05-22-2008 07:46 AM
Hi Roble,
Do you mean to say that The load balancer can do an HTTPS GET over SSL to verify that the portal environment is up and running.
Am I correct?Please calrify my Doubt and let me know whether I need to make the changes explained by you in this thread to achieve the https request?
Regards,
Karthick Eswaran
05-22-2008 10:18 AM
We terminate the SSL Traffic on the ACE and speak "plain" HTTP towards the EP6 Servers running the Dispatchers.
Client <-HTTPS-> ACE <-HTTP-> EP6 Server.
The probes are done in plain http in our design. We have a page that simply gets generated if the J2EE Engine and all the other related SAP stuff is up and running. We check this page for return code 200 or 401. If we don't get them we assume the server is down.
The Proxy statement i posted earlier was necessary to make sure the EP-Application does not break the SSL traffic. The SAP code sometimes generates http URL's within the portal navigation and that setting makes sure it uses https instead. But for details you have to ask the Netweaver Admins.
Hope it helps
Roble
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide